Posted
by
Soulskillon Sunday August 22, 2010 @05:17AM
from the meine-Brieftasche-ist-radioaktiv dept.

An anonymous reader writes "The production of RFID chips, an integral element of the new generation of German identity cards, has started after the government gave a 10-year contract to the chipmaker NXP in the Netherlands. Citizens will receive the mandatory new ID cards starting from the first of November. The new card allows German authorities to identify people with speed and accuracy, the government said. These authorities include the police, customs and tax authorities and of course the local registration and passport granting authorities. There are some concerns that the use of RFID chips will pose a security or privacy risk, however. Early versions of the electronic passports, using RFID chips with a protocol called 'basic access control' (BAC), were successfully hacked by university researchers and security experts."

Two out of three US men — 67% - are overweight or obese. Finland, Germany, Greece, Cyprus, the Czech Republic, Slovakia and Malta have now all exceeded this figure. England and Wales are not far behind.

The EU is so worried about it that it has launched its own campaign against obesity. 'The time when obesity was thought to be a problem on the other side of the Atlantic has gone by,' said Mars Di Bartolomeo, Luxembourg's Minister of Health.

Frankly, I don't think urban sprawl has anything to do with obesity in a significant way. I think it has to do with fat/calorie content of restaurant food (especially so in the US), and the fact that 'eating out', which used to be the odd occurrence here, has become more the norm for a high percentage of homes. Way too much fast food, or even regular restaurants that don't have healthy menu's. We also spend far more time isolated in our homes, on the internet, and watching TV.

On a side note, I eat out a couple of times a week but I adapt my intake to compensate for shitty food that I might eat on occasion. I also spend 6-10 hours a week in the gym doing heavy lifting and I bicycle for 8-16 miles on the weekends. I live in the the deep south where obesity is even higher than the 'norm' for the U.S.

I sometimes feel like a stranger in my own land given the looks I get in public at times.

One of the problems that the various FDAs the world over have caused with all of the pesticides and preservatives they mandate that the food industry use at every step of the processing chain is that the food not degrade at any point.

Obesity results when the LAST point in the chain, ME and THEE folks, doesn't degrade the food either. It just sits there, on our hips, waists and in our blood streams, turning into toxic, insoluble fats.

On the contrary. Since the new EU passports contain fingerprint data and a digital version of the picture, much of the contention about the new passports revolved around the creation of a central database of biometric information. If the passports were just an index into the database, then that database would be inevitable.

It is important that technology-minded users learn not to apply the usual centralist approach to everything. We are not cattle.

``It is important that technology-minded users learn not to apply the usual centralist approach to everything. We are not cattle.''

We are not? Then why do we let ourselves be herded and look to the herders for our every need, including a sense of safety and comfort?

Note that by "we" I mean the general population. It doesn't necessarily apply to you, or even to me. But new tracking measures are being rolled out, and I don't see a lot of people making a fuss about it - rather, I see a lot of people being in f

The first three posts in this discussion are - as of now - ACs. Though different from the normal 'First Piss Post'-category. They are spot on the topic. Still ACs. Why?Already fearful of being tracked? Yes, you are. Through your IP-addresses.Next year you can be tracked by having your Personalausweis in your pocket. Or in your bag. You need it, because you want to enter an official building; the Rathaus.Or doing banking business:"Guten Morgen, Frau Müller.""Uh, Sie kennen mich?""Nein, aber Sie haben Ihren Ausweis dabei! Ich denke Sie wollen Ihren Urlaub bezahlen!?""Woher wissen Sie das?""Nun, als Sie hier hereinkamen, hat unsere Sicherheitssoftware gemeldet, dass Sie gerade auch im Reisebüro waren."

The first three posts in this discussion are - as of now - ACs. Though different from the normal 'First Piss Post'-category. They are spot on the topic. Still ACs. Why?Already fearful of being tracked? Yes, you are. Through your IP-addresses.

Users of slashdot can not track me. Only the website admins can. The thing I am afraid of is slashdot comments taken out of context in 10-30 years time.

Even if it were, it would be dangerous. Giving someone remote access to your passport/ID card number is a security risk by itself.

They already have your face, anyone can take a picture of your face without you knowing it. If they can create a fake document matching that face to the right document number that's a big step towards stealing your identity.

Not really. You could have a card with RFID which embeds a key that unlocks data in the database. Since governments have control over the database one wouldn't have to worry much their data being looked at by unauthorised staff and if the database was ever stolen only your physical card could unlock it.

Also there are benefits to having an ID card rather then a passport. One being you never run out of space for stamps and then have to spend lots of money on extending the pages or a new passport.

You could have a card with RFID which embeds a key that unlocks data in the database. Since governments have control over the database one wouldn't have to worry much their data being looked at by unauthorised staff and if the database was ever stolen only your physical card could unlock it.

You obviously have a very different government to mine. If it's in a government database in the UK, the odds are that copies of it will be posted to the wrong address on unencrypted DVD-Rs, left on hard drives on trains or in taxies, leaked to the press, or used by council employees for private purposes.

A better solution is not to store the information in either place. Store it on the passport in encrypted form and store the encryption key in the central database (or vice versa). You then need to both do a database query and scan the passport to have access to the data. If someone gets a copy of the database, it's no use to them without the passports. If someone steals a passport, they can't access the information on it.

Then you need to apply for another one, just as you had to apply for the first one.

Is all your information lost then?

My passport doesn't appear to contain any unique information aside from the passport number. Things like my name, date of birth, nationality, and so on are all on other documents. If you lost your passport, then you'd have to provide all of this information again. The procedure would be no different to when you apply for your first passport.

The chip is based on the ISO14443-A standard and you can only communicate with it over at most 15 cm distance (about 6 inch). Under normal conditions the range goes down to roughly one inch. You have to walk very close to the bomb to set it off.

A bomb will also have a hard time to identify you. The chip has an ID that is public readable, but for privacy reasons this ID is a random number that is only valid for a single transaction session.

Also the article is wrong. The pass will not use the BAC protocol but the much improved PACE protocol. That's state of the art crypto. It's still broken by design because you can do a simple man in the middle attack over the air, but it is a lot better..

Disagree. No response means no one is there and/or they're not German. Any response means there is a German, now do something (probably bad). You're arguing you don't know the state of Schrodingers cat. I'm arguing that knowing Schrodingers cat is present, is in itself a valuable datapoint.

That said, if you use public transport, there is basically no way around taking it along with you.

Really? I've never been asked to show my identity card. What you may required to show in certain situations (as in, when caught using the transport without a valid ticket, or in case of using a price-reduced personalized ticked), is an official paper with image ("amtlicher Lichtbildausweis"), but that doesn't have to be your identity card, your driving license should work anyway (I don't have experience with th

Is 96ft (~29m) far enough away, that's the Defcon record. Blackhat USA 2010 has beat it don't know the practical distance achieved but the paper gives a theoretical maximum of 565ft (~172m). Want to change some of those assumptions? It's a radio, distance is based on three things transmitter power, receiver sensitivity and atmospheric conditions the first 2 can be controlled very easily.

You need a two way communication. From the reader to the tag, and from the tag to the reader. The ISO14443-A tag is not capable to actively send out answers. Instead it loads down the magnetic field that powers it. This load is measured on the side of the reader and interpreted as answers from the tag.

If I remember right the tag must be able to pull about 10% of energy out of the magnetic field

It's a near field communication chip, which isn't easily readable from more than a few centimeters away.

Maybe you were trying to be reassuring, but what that actually means is the device absolutely won't trigger until the victim sits at the bus stop, or restaurant seat or whatever. If the IED goes off 500 feet down the road, no problemo unless its a suitcase nuke, but if it doesn't go off until you sit on the park bench, then you're pretty much screwed.

For the curious, it takes approximately 4 layers of aluminum foil to block a scanner from activating the RFID signal when your Al lined wallet is point blank from a standard scanner.

(After receiving an RFID enabled ID card here in the Netherlands last year, I tested it on our office copy/scanner RFID reader, and then simply lined my wallet with double the number of layers it took to block the signal. Works like a charm!)

um, you only tested it on standard public rfid receivers. Hackers / governments / criminals can make much better antennas for their rfid scanners, getting far greater range, even on foil sealed devices.You would be far better off building and wearing an rfid jammer.

The ögon card case [ogondesigns.com] is made from aluminium sheet with a plastic interior. I wonder if the gap between the halves is small enough to protect the cards inside from sniffing. I haven't tried it on mine yet.

Germans must be able to identify themselves with either a passport or an ID card. There is no obligation to have either of those with you at any time.

The new cards do not use classic RFID chips but near field communication, which is much harder to attack from a distance (if at all).

Anyone who wants to sit this out can get a new ID card before November. The old ID cards cost 8 EUR and are valid for 10 years.

I guess you have never lived in Germany and heard of Ausweispflicht ? Which by law requires any citizen to be able to identify his or her self. Even only being there on holiday as a visitor you must still be able to identify yourself , been there done that. The authorities do not take it lightly if you "forgot" your ID either, depending on the situation. Although I will credit you the sitting out part, if they get the new ID now then they can wait it out. Although didn't the Germans already implement biomet

"Ausweispflicht" means you have to have a passport or an ID card (You can have both, but you don't have to). You do not have to have either of them on you. Pissed off authorities are a fact of life, but they're not the law (yet). Public transport often requires a picture ID to be presented with a month pass. That is a contract thing and not related to the "Ausweispflicht".

The problem I have with the RFID chips is that, now, you can be tracked not only when you show your passport (or other id) to someone, but also without your consent or knowledge. Regardless of the official statements, these chips can be and have been read from meters away.

The authorities do not take it lightly if you "forgot" your ID either, depending on the situation.

Wrong, there is no actual problem with forgetting your ID, as there is no obligation to carry one with you - exception is the driving license when operating a vehicle.
Actually the police may demand you to fetch your ID at home or whereever it may be, and they might demand to bring you there themselves when they think you might flee. But I think that only happens when you're in suspicion for something.

The new online functions! If you dont understand german try google translate, here a quick translation

Identification on the Internet and on machines can in the future be done with the new identity card. This is simple and safe as the presentation of your previous card today.Even without being personally present you can use the online identity function (also: eID function) authenticate everywhere (where personalized services - are consequently offered and directly tailored to the individual user). With your new personal ID and your 6-digit PIN you can prove your identity in the electronic world simple, safe and reliable.

No, the PIN is for the authentication to the card. The card can have counter measures when you try to log in too many times. If you have 3 attempts, for instance, you have a chance of 3 out of a million to use the card. That is probably enough to make sure that the card was not used by somebody not knowing the PIN.

You only need those kind of large PIN if you have an unlimited (or at least very high) number of attempts.

So what's the big deal? The Netherlands has had a digital ID card for doing business with the government for years already. Now perhaps you enjoy standing in a line somewhere, but I prefer handling my business from the comfort of my chair, at any time of the day that is convenient for me and at a total lower cost to the taxpayer.

Now I don't quite see the point of RFID either, but being able to handle one's affairs over a distance sounds...convenient.

The German ID card is using the BAC protocol as well, but only for the basic data which is printed on the front of the card, the picture and the name. Other fields are protected by a stronger proprietary protocol.

you'd think history would have taught them to maximize personal liberties, not to diminish them in any way? Oh well, there is still zeit fur packen zee bagen.

No, they look to the government for guidance still. It's in the character. They still don't have real freedom of speech there.

OTOH, if you look at what set of circumstances us Americans revolted against the King Of England for and how it is today, all you see is more government and taxes than they ever accepted in every aspect of our lives. And peop

No, they look to the government for guidance still. It's in the character. They still don't have real freedom of speech there.

So it is only "freedom" if it is identical to your version of freedom ?

Please, cut down the arrogance a few notches, you'll notice the rest of the world likes you a lot better if you don't go around all the time assuming that your way is the one and only true path to whatever.

Our freedom of speech (I'm german) is as real as yours. We just have some priorities differently. For example, we don't allow people to threaten abortion doctors with murder under the cover of "free speech". Our version of your "free speech" is called "freie Meinungsäußerung". That has three parts: Free, speech and opinion. What it means is you can freely express your opinion. If you leave the area of expressing your opinion - and "we'll kill you" isn't an opinion anymore - you may run into trouble.

And no, we don't look for the government for guidance. In fact, our current government is such a joke, anyone who does look to them for anything except satire is retarded. However, what we do is not share the ridiculous paranoia about the government that is visible in the US. We don't think anything done by the government is automatically evil and to be mistrusted. We view the government as an entity much like many others - capable of both good and evil.

You are mistaken as to what is freedom of speech in USA, nobody is allowed to make direct threats of murder for example, but one can have an opinion that abortion doctors must be killed, it's an opinion.

Of-course one person's opinion may lead to another person's action, but the correct thing to do is to hold the one who takes action as the responsible party, not the one who says he has an opinion.

I am not American, in fact at this very moment I am in Germany, though I am Canadian, born in the former USSR.

I hold every single thing that government says or does as suspicious, I don't trust government at all, in any single one thing ever, and I am not an American.

Germany objectively has stronger restrictions on civil liberties than the US.

We just have some priorities differently.

German priorities were set by the allies after WWII. The primary goals were de-Nazificiation and prevention of a recurrence of WWII. Democratization and freedom were secondary concerns, merely means to an end. If Germany could have been pacified after WWII by turning it into a military dictatorship or splitting it up between its neigh

It is illegal to threaten anyone in America with murder or any other form of harm. You have been reading and believing too many anti-American rags. (all rags published in Europe, for example).Cut down your own arrogance a few notches.

Your government (Germany) has been maximum evil overlords more than once. Why do you have the idea that they have changed? Maybe they have learned to be less obvious about it, and not get caught?

The American gov sucks big time, and will abuse any power that they can get their hands on, legally or illegally.Your gov is the same.

The only difference is the morals and ethics of the people currently in the gov with access to these powers.American gov employees are low on the morals scale.I am sure Germans are similar. I think there is something about working for the gov, and military, that reduces morals, and attracts people with low morals, like our Bill Clinton, and a recent top gov official in Germany?

Comparing bad to bad just wastes time and energy. They are all bad. Get over it. Stop crowing that your bad gov is not as bad as ours.

What matters for the us/them distinction in this case is the history and culture of democracy and liberty. The US has more than two centuries of uninterrupted democratic governance. In the same period, Germany has had two failed democracies, a monarchy, a fascist state, a military dictatorship, and a communist state. In fact, the reason there are so many Americans of German ancestry is that so many Germans wanted to escape the chaos and repression they were experiencing in Germany.

you'd think history would have taught them to maximize personal liberties, not to diminish them in any way?

Second World War was generations ago. The lessons have been forgotten, so authoritarianism and militarism are once again on the rise in Europe, and will once again lead to the world burning. That will be followed by the survivors being horrified of what they have seen and done, and swearing "never again", but a few generations later things will deteriorate again. That is the cycle of human history, and it cannot be broken, since no matter what lessons you might learn, your children won't, and their children certainly won't care.

The lessons have been forgotten, so authoritarianism and militarism are once again on the rise in Europe, and will once again lead to the world burning.

Having lived in Europe on and off, sadly, I can confirm this. Part of the problem is European arrogance: for more than two centuries, Americans have had to listen to Europeans about how superior their culture and political systems are, only to watch them self-destruct like clockwork. Europeans simply can't imagine that their supposedly superior culture lea

I don't know, we live in a vastly different world than the ones before us. We are continuously confronted with what war achieves. Together with that, the introduction of the Euro means that we Europeans are very much in trouble together when we start a war with our neighbor. The history of the world is changing very rapidly, if there was any cycle it might well and truly be broken by now.

The most aggressive country by far is the US. It makes war with countries that never even threatened the US. It takes the

However, the fundamental liberties encoded in the German Basic Law (it's not a Constitution in the US sense) have eroded substantially in the last decades, because, unlike the U.S. with is very reluctant to amend its Constitution, Germans love to modify their Grundgesetz regularly... mostly to make it worse, i.e. take one more liberty away.

You forgot the third option; Fuck the US and its draconian immigration policies and never go there again. Works for me so far.

European, Asian, and Australian policies are no less draconian. They may seem a little less draconian to you at the border, but that's because those governments can track and check you anywhere once you're in the country.

The federal ID card is not "mandatory" in any sense except that you may have to show it for certain very fundamental occasions, notably voting. (May have to show, I should add - the last two federal elections I wasn't even asked for the ID card, just for my voter's notification.) You have to actively go out, apply for an ID card and pay the fee to get one. You can live a long and productive live and never use your ID at all, unless you're a lawyer by profession or get arrested a lot... Also, the new chip ID will be issued starting in September - it will be a long time until even a majority has one. I got an old-style ID in July, so I'm good until 2020, and even then I won't give my fingerprint for it, that's an optional feature (it's only required for international passports).

So, overall - yeah, this is a deal, but it's a lot less big a deal than the summary makes it sound like.

You have to actively go out, apply for an ID card and pay the fee to get one. You can live a long and productive live and never use your ID at all, unless you're a lawyer by profession or get arrested a lot...

Not quite. You will have to use it if you want to get a bank account (and I assuem you want one). If you're younger, you will have to use it to get a driver's license, probably to sign contracts, to get into music clubs late night, to get alcohol, even to play the lottery and of course everytime you fly within the EU.

So I say you can live a long and productive live alone in the mountains and never use your ID at all.

ou can live a long and productive live and never use your ID at all, unless you're a lawyer by profession or get arrested a lot...

Interesting. In Britain, you can't get a new job without showing a passport, because the employer has to check that you have the right to work there and are not an illegal immigrant, asylum seeker etc.

um, you won't INTENTIONALLY give your fingerprint for it, but if they want your fingerprint, or DNA, there is nothing you can do to stop them from getting it, except die. Even then, they can get it, but won't need it.

I find the most intriguing part of this whole thing is the decision to outsource the chips to a Dutch company. I wonder how long it will be before all the RFIDs fail and send only a message saying "Give us our bikes back".

What TFA forgets to mention is, that the ID card remains valid when you kill the RFID chip, as it still allows a person to be identified. Also, the fingerprint is a voluntary information to be stored. Most people won't know or bother and just let them store it anyway, though.
For my fellow citizens: get yourself a new ID card w/o RFID just now (it is only a few Euros more expensive when you "loose" your current ID). If you have to get, for some reasons, an ID card with RFID on it, just put it in the microwave oven for a minute or so. Chaos Computer Club has proven this to kill the chip reliably.

Yes, and the government is out on tracking everybody! Really if they want to track you they will no matter what. If I have to choose between a RFID chip in my ID card or a tinfoil hat and wallet. I'll take the RFID chip cause the chance of it being useful exceeds the chance of the government bothering to track everything I do.

No, the thing is, without this kind of technology, they can choose a number of individuals they have resources to track at the same time. With this type of technology, they can track everybody at the same time. With modern storage capacities, a future government can retroactively check what you have been doing through your life.

And it becomes a slippery slope. It starts with tracking terrorist suspects, proceeds to solving other crimes, and ends with tracking people who disagree with the current party in power and threaten their next election win, and after that all bets are off. Just hope you never visited a house where some opposition activist lived back then...

After 9/11, the US mandated biometric passports for all (if you wanted to enter the US).

Under legislation introduced after the September 11th attacks, the United States has tightened security measures for foreign tourists entering its country. The latest measure requires that by 2012, every traveler entering the United States who is part of the visa-waiver program must have a biometric passport or be forced to apply for a visa.......Initially, Washington gave a 2006 deadline for the 27 countries in the EU

Modern man wants a Welfare State (even USians, who either want a Welfare State or a Welfare Military Industrial Complex).

The only way to make that sustainable is (shock, horror!) _exclusivity_, because we don't have the tech to be a zero-cost goods and services cornucopia for everyone who wants to enter our countries for economic reasons.

We won't have police states to fend off crime, but we will require them to protect ourselves from invasion by people whose

However, no ideologue, from the Left or Right, can reasonably claim we can house and feed the rest of the world as it decides to show up on our doorstep.

Sure they can, perhaps not showing up on our doorstep, I mean a single nation can only hold so many people, but with universally available contraception so only people who want children have them, curbing population growth, and sustainable farming and forestry, there is enough arable land on the planet to feed and house 6 billion people.

The problem is the insularity of nations, we want to make our own citizens happy but we don't give a shit about the rest of the world. I realise I am being absurdly ideal

IPPA Computer: Welcome to the Identity Processsing Program of Uhmerica! Please insert your forearm into the forearm receptacle!IPPA Computer: Thank you! Please speak your name as it appears on your current federal identity card, document G24L8!Pvt. Joe Bowers: I'm not sure if...IPPA Computer: You have entered the name "Not Sure." Is this correct, Not Sure?Pvt. Joe Bowers: No, it's not correct...IPPA Computer: Thank you! "Not" is correct. Is "Sure" correct?Pvt. Joe Bowers: No, it's not, my name is Joe...IPPA Computer: You have already confirmed your first name is "Not." Please confirm your last name, "Sure."Pvt. Joe Bowers: My last name is not "Sure!"IPPA Computer: Thank you, Not Sure!Pvt. Joe Bowers: No, what I mean is my name is Joe...IPPA Computer: Confirmation is complete. Please wait while I tattoo your new identity on your arm!

Mine says "Number Six". Actually, Erich Honecker had "Number One" in his ID card, which would have made short work of the whole premise of "The Prisoner"http://en.wikipedia.org/wiki/The_Prisoner [wikipedia.org]

You have that right. Letting people know how to use the chip would compromise security, you see. Don't believe the people who say the chip has already been broken. These weren't officially tasked to do so by the government, so their results don't count. Also, why are you asking questions about this in the first place? Do you want the boogeymen to win? This is for your own safety, man! How could you be against that?

Although you may not be a troll, your information comes from bad movies, or old ones maybe.. Don't know.. If you could get past a little paranoia, and sense of superiority, and actually travel to Europe.. I think you would be shocked at how wrong your view of the world is.

According to a Supreme Court decision, in every state you are required to show your drivers license or state ID if requested by a peace officer. (Hiibel v. Sixth Judicial District Court of Nevada, 2004)

The trouble with the IC market is that it is rather volatile. So larger companies tend to separate themselves from the IC dept to keep the shareholders happy who don't like fluctuating stock. So it probably makes more sense to say that these companies were founded by their respective parents.